Router to Router VPN Config Guidance

fmatrine · ‎10-22-2004

Dear Sir,

we hv a network setup with Internet Leased Line terminating on a router.

Behind the router we hv a pix 506 firewall and then our office lan.

We hv same setup at our branch office in some other country.

We are planning to form a Site-to-Site VPN tunnel from our Corporate office router to branch office router over internet.Data flow will be in both the direction over the vpn tunnel.

Also Mail and webserver of our corporate office lan will be accessed from outside world. we will be doing a Nat'ing on the firewall for the same.

Sometimes corporate users may be required to browse the internet on the same internet leased link.Is split tunneling or any other configuration required on the corporate and branch router to differentiate between vpn and normal browsing traffic going out of the corporate Lan.

Will there be any problem in the proposed implementation.

Kindly advice /suggest with a working config for the same.

Topology..

Corporate Lan-Firewall-Router-Internet(ISP)-Branch Router-Firewall-Branch Lan.

Thanks&Regards

Deepak

ddawson · ‎10-22-2004

Your design sounds like a very typical configuration. Split tunneling is really only a factor for remote VPN clients, not site-to-site. The configuration of the VPN will specify with access-lists which network(s) at each end will use the VPN, and all other traffic will be routed the usual was as if there was no VPN. It should just work the way you'd hope it would.

Good luck, and let us know if you have more questions.

fmatrine · ‎10-23-2004

Dear Sir,

Can u post a sample config or any document depicting my scenario.

Regards

Deepak

fmatrine · ‎10-25-2004

Dear All,

I need assistance (Sample config) for configuring the above topology.

Regards

Deepak